- Description
- Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
- nvd@nist.gov
- CWE-347
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xoev:osci_transport_library:1.6:*:*:*:.net:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC7159A3-28E0-4AE2-A2A5-7B5F44D7305F"
},
{
"criteria": "cpe:2.3:a:xoev:osci_transport_library:1.6.1:*:*:*:java:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F00B66D-46D7-4D58-A1A0-7BA1AD5C0EEE"
}
],
"operator": "OR"
}
]
}
]